iptables

Config file (arch)

/etc/iptables/iptables.rules

Save rules

iptables-save > /etc/iptables/iptables.rules

Load rules manually

iptables-restore < /etc/iptables/iptables.rules

Systemd service

sudo systemctl enable iptables

Policies

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

Basic rules

  • Allow established and related connections (FORWARD chain only needed for routing)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  • Accept input on the local/loopback interface
iptables -A INPUT -i lo -j ACCEPT
  • Allow the local network into the FORWARD chain (192.168.0.0/24 as source, -s)
iptables -A FORWARD -i eth0 -s 192.168.0.0/24 -j ACCEPT

Open a port

iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

Close a port / remove a rule

iptables -D INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

NAT/Masquerading

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
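
The policies and rules from this section, generated as one file in the iptables-save format used by /etc/iptables/iptables.rules, so that iptables-restore loads the DROP policies and the ACCEPT rules together instead of one command at a time. This is an added example, not part of the original notes; the function names gen_rules, valid_port and apply_rules and the separate LAN/WAN interface arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the
# LAN/WAN split are assumptions; the page uses eth0 for both roles.

# valid_port N: succeeds only for a plain decimal port 1..65535.
valid_port() {
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_rules LAN_IF WAN_IF LAN_NET "PORT ..."
# Prints the ruleset on stdout; prints nothing and returns 1 on a bad port.
gen_rules() {
    gr_lan=$1 gr_wan=$2 gr_net=$3 gr_ports=$4
    for gr_p in $gr_ports; do
        valid_port "$gr_p" || { echo "bad port: $gr_p" >&2; return 1; }
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
EOF
    for gr_p in $gr_ports; do
        echo "-A INPUT -i $gr_lan -p tcp -m tcp --dport $gr_p -j ACCEPT"
    done
    cat <<EOF
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $gr_lan -s $gr_net -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o $gr_wan -j MASQUERADE
COMMIT
EOF
}

# apply_rules FILE: parse-check first, then load each table in one step (root).
apply_rules() {
    iptables-restore --test < "$1" && iptables-restore < "$1"
}

# Constructed sample call using the page's values (eth0, 192.168.0.0/24, 22).
gen_rules eth0 eth0 192.168.0.0/24 "22"
```

Redirect the output to a file and pass that file to apply_rules as root; the --test pass rejects a malformed file before anything is loaded.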


raspberry pi / arch linux: wifi router

wifi-driver EDIMAX

The whole crux of the issue is that hostapd is not compatible with the RTL8188CUS chipset.

wget http://www.daveconroy.com/wp3/wp-content/uploads/2013/07/hostapd.zip
unzip hostapd.zip
sudo mv /usr/sbin/hostapd /usr/sbin/hostapd.bak
sudo mv hostapd /usr/sbin/hostapd.edimax
sudo ln -sf /usr/sbin/hostapd.edimax /usr/sbin/hostapd
sudo chown root:root /usr/sbin/hostapd
sudo chmod 755 /usr/sbin/hostapd

hostapd (access point), dnsmasq (dhcp/dns), iptables/NAT

http://wireless.kernel.org/en/users/Documentation/hostapd#Common_Options

TBC


AUR

Install an AUR helper (e.g. pacaur/yaourt/packer -> https://wiki.archlinux.org/index.php/AUR_helper)

1. Download the tarball from the AUR

mkdir builds
cd builds
curl -O https://aur.archlinux.org/packages/fo/foo/foo.tar.gz

2. Extract the tarball

tar -xvzf foo.tar.gz

3. Run makepkg in the directory where the files are saved
(makepkg -s will automatically resolve dependencies with pacman). This will download the code, compile it and pack it.

4. Install the generated package

pacman -U /path/to/pkg.tar.xz


systemd services

https://wiki.archlinux.org/index.php/Systemd

systemd commands

systemctl status example.service
systemctl enable/disable example.service
systemctl start/stop example.service
journalctl

Create a systemd service

Create the service in /etc/systemd/system/ (e.g. example.service)

[Unit]
Description=

Description/name of the service

[Service]
WorkingDirectory=   

Directory of the service script

Type=

Start-up type (e.g. simple/forking/oneshot https://wiki.archlinux.org/index.php/Systemd#Type)

RemainAfterExit=yes

Service stays “active” after the script exits

ExecStart=  

Script to execute, including parameters

[Install]
WantedBy=

Enter the target (list the available ones: systemctl list-units --type=target)


Template to copy
/etc/systemd/system/example.service

[Unit]
Description=

[Service] 
WorkingDirectory= 
Type= 
RemainAfterExit=yes 
ExecStart=

[Install] 
WantedBy=


delete old kernels / cleanup /boot (ubuntu/debian)

http://askubuntu.com/questions/89710/how-do-i-free-up-more-space-in-boot

  • show the kernel in use

    uname -r

  • show all unused (old) kernels:

    dpkg -l 'linux-*' | awk '/^ii/{ print $2}' | grep -v -e "$(uname -r | cut -f1,2 -d"-")" | grep -e '[0-9]'

  • delete all unused (old) kernels

    dpkg -l 'linux-*' | awk '/^ii/{ print $2}' | grep -v -e "$(uname -r | cut -f1,2 -d"-")" | grep -e '[0-9]' | xargs sudo apt-get -y purge

(the original commands used backticks around uname -r | cut -f1,2 -d"-"; WP turns those into a code quote and makes the command unusable, so they are written with $(...) here)


ubuntu/debian only!
